The other day Robert Hackett at Fortune.com wrote a handy piece about Stagefright entitled ‘Everything You Need To Know About Google’s Android Megabug’. Robert broke it down into an easy to read Q & A between himself and your average Androidian which was a great way of getting the message across.
Whilst the conversation was decidedly unrealistic (it lacked lag) it also failed to join the dots but in doing so demonstrated why the people of Androidia need to wake up – FAST.
Why? Because when you join the dots then this way something nasty comes…
First off, here’s Fortune’s easy to grasp and gently fluffy video on what Stagefright is:
Now, in the Q & A Robert breaks it all down nicely. First off he gives his Androidian friends a nice big hug with a touch of sardonic wit,
Stagefright? What? Huh? That’s what you’ve been asking yourself ever since the Internet erupted yesterday over the announcement of a big computer bug in Google’s Android operating system.
In fact, you might still be wondering: Is my phone safe? Wait, the Internet erupted? Did it actually explode? (Is that even possible?)
And that’s fair enough. After all, who am I to argue?
Oh, only it all goes horribly wrong from there. Robert points out what we already know, that the bugliness is sent via MMS, unpacked nicely within your phone and:
Once inside, an attacker can access your phone’s data, photos, camera, microphone. What’s worse is that a clever baddie can delete the booby-trapped message from your phone before you even realize that your device has been compromised. So basically, yeah it’s bad.
Yup. And it gets worse! Imagine this scenario: Someone attacks your phone, steals your contact list, automatically targets those devices—rinse, repeat. Now everyone’s infected.
So yes, it’s not much fun.
But wait… doesn’t this all sound rather familiar? Steals your contact list??? Oh, of course, the difference between this and the likes of Whatsapp and Voxer is that you give permission for them to steal your friends data. Still, hey, at least Robert has one answer to protecting himself since, as he points out, due to the very nature of Android, you won’t be seeing those security patches any time soon. Why? Because they are stuck with your carrier and/or phone manufacturer. So, what to do…
Can I do anything else to be safer?
First, ask your device manufacturer for an update: When will a patch be available and will you be covered? You might also consider changing the settings on your Android apps that use MMS, like Messaging and Hangouts. Un-click “automatically retrieve MMS messages.” In the meantime, consider using Snapchat or WhatsApp to swap clips, GIFs, and whatnot.
Other than that, keep your phone number private, I guess? Drake, the guy who found the flaw, plans to present more details at the Black Hat conference next month.
Okay, thanks for the tips. If I have any other questions, can I call you?
No, sorry. My phone number is private information.
Just testing you!
Ah I see what you did there, you jokester!
Of course, there is EVERY chance Robert is a Whatsapp and/or Facebook user. And, as we have explored previously not only are Facebook/Whatsapp splattering your private number everywhere they can think of, they are also using your location to spread their spawn amongst anyone within range, only to send your private number to another truckload of people you don’t know.
Which, of course, Stagefright will exploit with impunity.
And no one will stop it. They can’t.
So, when you join the dots, it would seem this whole silly thing about a vulnerability affecting 1 BILLON Android users is just something to be laughed off. After all, the internet hasn’t exploded now, has it?
Or, if you would rather you weren’t at risk from having your life taken over there is one very, very, simple solution.
Buy a BlackBerry.
I know! Simple really!